Lucene search
HackeroneCVE-2024-39715HistorySep 07, 2024 - 5:15 p.m.
CVE-2024-39715
2024-09-0717:15:12
CWE-94
hackerone
web.nvd.nist.gov
28
20
code injection
remote file upload
remote code execution
rest api access
vspc server
CVSS3
8.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
8.2
Confidence
Low
EPSS
0
Percentile
9.5%
A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server.
Affected configurations
Node
veeamservice_provider_consoleRange≤8.0.0.19552
| Vendor | Product | Version | CPE |
|---|---|---|---|
| veeam | service_provider_console | * | cpe:2.3:a:veeam:service_provider_console:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"vendor": "Veeam",
"product": "Veeam Service Provider Console",
"versions": [
{
"version": "8",
"status": "affected",
"lessThanOrEqual": "8",
"versionType": "semver"
}
]
}
]References
Social References
More
Related
cvelist
cvelist
CVE-2024-39715
2024-09-07 16:11:22
nvd
nvd
CVE-2024-39715
2024-09-07 17:15:12
vulnrichment
vulnrichment
CVE-2024-39715
2024-09-07 16:11:22
veeam
veeam
Veeam Security Bulletin (September 2024)
2024-09-04 00:00:00
CVSS3
8.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
8.2
Confidence
Low
EPSS
0
Percentile
9.5%
Related for CVE-2024-39715